IIS6.0 server station series problem solution

If your server is 2003, it only supports .net by default, does not support asp, so you must do the following:
Open the local computer in iis6.0 - > web service extension
The active server pages are allowed.

Problem 1: Parent path not enabled

Symptom example:
Server.MapPath() Error 'ASP 0175 : 80004005'
Path characters not allowed
/0709/dqyllhsub/news/OpenDatabase.asp, line 4
The character '..' is not allowed in the Path parameter of MapPath.

Reason analysis:
Many web pages use statements such as ../format (ie return to the previous page, which is the parent path), while IIS6.0 is for security reasons. This option is turned off by default.

Workaround:
In IIS Properties -> Home Directory -> Configuration -> Options. Put a check mark in front of "Enable Parent Path". Confirm the refresh.

Question 2: ASP's Web extension is not properly configured (also for ASP.NET, CGI)

Examples of symptoms:
HTTP error 404 - File or directory not found.

Reason analysis:
Added the option of web program extension in IIS6.0, you can allow or prohibit programs such as ASP, ASP.NET, CGI, IDC, etc. by default. Programs such as ASP are forbidden.

Solution:
Select Active Server Pages in the Web Service Extension in IIS and click "Allow".

Question 3: Improper authentication configuration

Examples of symptoms:
HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.

Cause Analysis: IIS supports the following web authentication methods:
Anonymous Authentication
IIS creates the IUSR_ computer name account (where the computer name is the name of the server running IIS), To authenticate anonymous users when they request web content. This account grants users local login privileges. You can reset anonymous user access to use any valid Windows account. //This article is from the computer hardware and software application network

Basic authentication
Use basic authentication to restrict access to files on NTFS format web servers. With basic authentication, the user must enter credentials and the access is based on the user ID. User IDs and passwords are sent in clear text between networks.

Windows Integrated Authentication
Windows Integrated Authentication is more secure than Basic Authentication and works well in intranet environments where users have Windows domain accounts. In integrated Windows authentication, the browser attempts to use the credentials that the current user used during the domain logon process, and if the attempt fails, the user is prompted for a username and password. If you use integrated Windows authentication, the user's password will not be transferred to the server. If the user logs in to the local computer as a domain user, he does not have to authenticate again when accessing the network computers in this domain.

Digest Authentication
Digest authentication overcomes many of the shortcomings of basic authentication. When using digest authentication, the password is not sent in clear text. Alternatively, you can use digest authentication with a proxy server. Digest authentication uses a challenge/response mechanism (a mechanism used by integrated Windows authentication) where passwords are sent in encrypted form.

.NET Passport Authentication
Microsoft .NET Passport is a user authentication service that allows for single sign-in security, allowing users to access .NET Passport-enabled Web sites and services when they are enabled safer. Sites with .NET Passport enabled rely on the .NET Passport central server to authenticate users. However, the hub server does not authorize or deny specific users access to individual .NET Passport-enabled sites.

Solution:
Configure different authentications as needed (generally anonymous authentication, which is the authentication method used by most sites). Authentication options are configured under IIS Properties -> Security -> Authentication and Access Control.

Problem 4: Improper IP restriction configuration

Example of symptom:
HTTP error 403.6 - Forbidden access: IP address of client is rejected

Cause analysis:
IIS provides a mechanism for IP restrictions. You can configure to restrict certain IPs from accessing the site, or restrict only certain IPs to access the site, if the client is in the IP range that you are blocking, or if you are not allowed. Within the scope, an error message will appear.

Solution:
Enter the properties of IIS -> Security -> IP address and domain name restrictions. If you want to restrict access to certain IP addresses, you need to select authorized access, click Add to select the IP address that is not allowed. Otherwise, only certain IP addresses can be accessed.


Question 5: IUSR account is disabled

Symptom example:
HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials.

Cause Analysis:
Since the account used by the user for anonymous access is the IUSR_ machine name, if this account is disabled, the user will be inaccessible.

Solution:
Control Panel -> Management Tools -> Computer Management -> Local Users and Groups, enable the IUSR_ machine name account.

Problem 6: NTFS permissions are not set properly

Symptoms:
HTTP Error 401.3 - Unauthorized: Access is denied due to ACL settings for the requested resource.

Cause Analysis:
The user of the Web client belongs to the user group. Therefore, if the file has insufficient NTFS permissions (for example, no read permission), the page will be inaccessible.

Solution:
Enter the security tab of the folder, configure the user's permissions, at least to read permissions. The NTFS permission settings are no longer described here.

question 7: IWAM account is not synchronized

symptoms for example:
HTTP 500 - Internal server error

Analysis:
IWAM account IIS is installed when the system A built-in account that is automatically created. After the IWAM account is established, it is used by the Active Directory, IIS metabase database and COM+ application. The account password is saved by the three parties, and the operating system is responsible for the synchronization of the IWAM passwords saved by the three parties. The system's password synchronization work for IWAM accounts sometimes fails, resulting in inconsistent passwords for IWAM accounts.

Solution:
If there is AD, select Start -> Programs -> Administrative Tools -> Active Directory Users and Computers. Set a password for the IWAM account.
Run c:\\Inetpub\\AdminScripts>adsutil SET w3svc/WAMUserPass + Password Synchronize IIS metabase database password
Run cscript c:\\inetpub\\adminscripts\\synciwam.vbs -v Synchronize IWAM account password in COM+ application

Question 8: MIME setup issues cause some types of files to be undownloadable (in the case of ISO)

Examples of symptoms:
HTTP Error 404 - File or directory not found.

Analysis:
IIS6.0 canceled for some MIME types of support, such as ISO, causing the client to download error.

Solution:
In IIS Properties -> HTTP Header -> MIME Type -> New. In the subsequent dialog, the extension is filled in with .ISO and the MIME type is application.


In addition, the firewall blocks, ODBC configuration error, Web server performance limitations, restrictions and other factors also contributed to thread the possible causes IIS server can not access, it is not going to feed here described the.